Cyber Security Stats 2024: A Look Inside a Typical SOC
What tools does the average security operations centre (SOC) use in 2024? What gets in the way when they deploy a new tool? And how stressed are security pros really?
These were just some of the questions we wanted answered when we partnered with OnePoll at the end of 2023 and the start of 2024. Together, we surveyed 250 British and Irish Heads of IT at companies with 500+ employees.
Here’s what they said.
Tools in a SOC
When we asked our respondents what type of cybersecurity solutions they currently used in their SOCs, they said:
74% use network detection and response (NDR) tools.
73% use security information and event management (SIEM) platforms.
73% use threat detection and response tools.
72% use endpoint detection and response (EDR) tools.
57% use extended detection and response (XDR) platforms.
Company size matters. The larger the organisation, the more likely it is to deploy the latest generation of security tools, such as extended detection and response.
72% of organisations with 5000-10000 employees use XDR in their SOC. This is in contrast to 49% of organisations with 500-999 employees and 54% of organisations with 1000-4999 employees.
More is more?
Even though it’s been proven time and time again that having more security tools does not necessarily improve security, this myth persists.
78% of our respondents think that more cybersecurity tools equals better protection. Of these, 40% think so strongly.
A far smaller percentage know that more is not always more.
Only 8% don’t think that the more tools you purchase, the more protected you are. Of these, only 2% strongly disagreed that having more tools increases security.
Cyber purchasing decisions
When security leaders think about buying cyber tools:
59% look for effectiveness against specific threats.
51% look for integration capabilities.
42% look for ease of implementation.
41% look at cost.
38% take into account legacy technologies in place.
34% look at vendor reputation.
21% look for recommendations from peers.
Headline cyber attacks drive adoption. Many organisations buy new tools as a result of global security incidents:
56% of respondents bought new tools because of MOVEit.
56% bought new tools because of SolarWinds.
37% bought new tools because of Log4j.
Only 1 in 5 organisations surveyed said global security incidents did not impact their tool purchasing decisions.
New tool adoption challenges
Integrating new cybersecurity tools into their existing security stacks is a challenge for most organisations.
On average, integration takes anywhere between 1 and 5 months.
Diving into adoption times, we learned:
16% said new tool integration takes less than a month.
44% said new tool integration takes 1-2 months.
33% said new tool integration takes 3-5 months.
7% said new tool integration takes 6 months or longer.
Training teams on new tools is also a time-intensive process.
On average, it takes teams between 1 and 5 months to train employees on how to use new cybersecurity tools.
Asked roughly how long it takes to get their teams up to speed with new tech:
16% said training takes less than a month.
41% said training takes 1-2 months.
34% said training takes 3-5 months.
9% said training takes 6 months or longer.
Organisation size has an impact here, too. The bigger the company, the longer adoption takes.
42% of organisations with 5000-10000 employees said it takes them 3-5 months to train teams on new cyber tools. Only 14% of organisations with 500-999 employees said the same.
There seems to be a consensus among IT and cyber pros that the time they spend integrating new tools and training employees could be better spent elsewhere.
Asked which activities would be more productive than having to adopt new tools:
79% said security awareness training.
66% said vulnerability scanning.
64% said researching new tools.
54% said proactive threat hunting.
2% said none in particular/didn’t think any activities would have been more productive.
Only 2% of cyber and IT pros think that time spent adopting new tools would not have been better spent elsewhere.
Security budgets
2023 was a good year for security budgets. Most of the organisations we surveyed did not experience budget cuts, and the vast majority saw their cybersecurity budgets go up.
67% said their cybersecurity budgets increased.
For some organisations, cyber budgets stayed the same. 1 in 4 respondents said security budgets within their organisations remained unchanged.
Only 7% of organisations decreased their security budgets.
However, security spending increases are still not meeting the challenge of securing IT environments. For larger organisations specifically, security budgets are falling short of the level IT leaders feel they need.
60% of organisations with 5000 to 10000 employees said budget constraints were a challenge in managing and responding to threats.
Only 28% of organisations with 500-999 employees said the same.
Challenges in managing and responding to threats
From ransomware to human error, there's a lot to contend with when it comes to monitoring for and responding to threats.
According to our respondents, these are the top challenges:
53% said external threats like ransomware, phishing, and advanced persistent threats (APTs).
53% said integrating security measures into existing IT infrastructure and business processes.
50% said lack of awareness about cybersecurity threats among employees.
49% said rapid technological changes.
45% said securing remote work environments.
42% said inadequate risk management.
42% said budget constraints.
42% said internal threats (whether unintentional or malicious).
41% said lack of skilled personnel.
40% said vendor and third-party risks.
39% said lack of visibility.
39% said incident response.
38% said compliance with regulations.
While lack of employee awareness about cyber threats was a top three challenge overall, awareness was actually the main challenge for organisations with 5000-10000 employees. This was followed by integrating security measures into existing IT infrastructure and business practices (71%) and rapid tech changes (69%).
For organisations with 500-999 employees, the three main challenges were external threats (55%), integrating security measures into existing IT infrastructure and business processes (50%), and lack of awareness about cyber threats among employees (42%).
Organisations with 1000-4999 employees said the biggest challenges were external threats (44%), integrating security measures (44%), and securing remote work environments (43%).
The takeaway?
Integrating security measures into existing infrastructure and processes is a core challenge, regardless of an organisation's size.
In general, organisations with 5000-10000 employees seem to suffer from, or at least be more aware of, more threats than their smaller peers. For example:
Internal threats were a bigger challenge to organisations with 5000-10000 employees (62%) versus organisations with 500-999 employees (31%).
Compliance with regulations was the least significant challenge to organisations with 1000-4999 employees (22%) compared to organisations with 5000-10000 employees (66%).
Only 26% of respondents from organisations with 500-999 employees said lack of visibility was a challenge for them, compared to 65% for organisations with 5000-10000 employees.
Stress
Burnout is rife among security professionals.
Among the organisations we surveyed, 95% said stress experienced by cybersecurity professionals impacts staff retention.
Of these, 34% said stress has a significant impact on retention.
Just 1% said they don’t feel that cybersecurity professionals in their organisation experience stress.
Cyber stress impacts organisations of all sizes but seems to get worse the bigger an organisation is—56% of organisations with 5000-10000 employees said stress “significantly” impacts staff retention, compared to 27% of organisations with 500-999 employees and 26% of organisations with 1000-4999 employees.
The good news is that there are steps organisations can take to reduce stress, including more strategic tool investment.
When we asked our respondents what kind of tools would have the most impact on reducing their security team’s levels of stress:
83% said tools that use AI to automate security activity.
81% said tools that help provide security awareness training to other employees.
53% said tools which reduce alerts.
The bigger the organisation, the more desire there is to reduce alerts. 70% of organisations with 5000-10000 employees said tools which reduce alerts would be helpful compared to 40% of organisations with 500-999 employees.
For organisations with 5000-10000 employees, the tool that would make the most difference in reducing stress is one that would help provide security awareness training to employees.